<?php
	// Bootstrap for the login/logout handler: start the session, move to the
	// application root, then load the template engine, helpers and language files.
	// The order of the require statements is significant and left untouched.
	session_start();
	
	// Step two directories up from the current working directory. The @ hides
	// the warning if chdir() fails; the require calls below are fatal on a
	// missing file, so a wrong working directory stops the script.
	@chdir("../../");
	// Despite its name, ABS_URL holds a filesystem path: the current working
	// directory with backslashes normalised to forward slashes.
	define('ABS_URL',str_replace("\\","/",getcwd()));
	require ABS_URL.'/engine/Smarty.class.php';
	require ABS_URL."/functions/class.query.inc.php";
	$smarty = new Smarty();
	// NOTE(review): presumably opens the database connection used by the
	// mysql_* calls further down - confirm in dev_con.inc.php.
	require ABS_URL."/dev_con.inc.php";
	require ABS_URL."/functions/func_file.php";
	$queryData = new queryData();
	$queryData->baseConfig();
	require ABS_URL."/functions/func_content.php";
	// BASE_LANGUAGE is interpolated into two include paths.
	// NOTE(review): its definition is not visible here; confirm it comes from
	// trusted configuration and never from request data, because a
	// request-controlled value in a require path allows local file inclusion.
	require ABS_URL."/langs/".BASE_LANGUAGE.'.inc.php';
	require $queryData->get_curr_dir(dirname(__FILE__))."/langs/".BASE_LANGUAGE.'.inc.php';
	
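	// Login / logout handler.
	//
	// Reads the posted credentials, looks the account up in tbl_login and, on a
	// match, marks the session as authenticated. Without a match, a
	// showview=logout request tears the session down; anything else records the
	// login-failed message. Every path ends in a redirect two levels up.

	// Request fields may be absent (e.g. a plain logout link) or arrive as
	// arrays; treat both as empty strings instead of raising notices/errors.
	$filename = (isset($_GET['filename']) && is_string($_GET['filename']))
		? trim(strip_tags($_GET['filename']))
		: '';
	$rawUsername = (isset($_POST['username']) && is_string($_POST['username']))
		? $_POST['username']
		: '';
	$rawPassword = (isset($_POST['password']) && is_string($_POST['password']))
		? $_POST['password']
		: '';

	$username = strip_tags(substr(trim($rawUsername),0,32));
	// NOTE(security): passwords are matched as unsalted MD5 digests, which is
	// weak for password storage. Moving to password_hash()/password_verify()
	// requires migrating the stored passuser values, so it is not done here.
	// An MD5 hex digest is always 32 characters of [0-9a-f], so the original
	// trim/substr/strip_tags wrappers were no-ops and are dropped.
	$password = md5($rawPassword);

	$sql1 = "SELECT * FROM `tbl_login` WHERE namauser='".mysql_real_escape_string($username)."' AND passuser='".mysql_real_escape_string($password)."' LIMIT 1";
	$qry1 = mysql_query($sql1);
	// A failed query is treated like "no such user" (fail closed) instead of
	// passing false on to mysql_fetch_object().
	$row1 = ($qry1 !== false) ? mysql_fetch_object($qry1) : false;

	if ($row1 && !empty($row1->id_user)) {
		// Issue a fresh session id on the privilege change so that an id known
		// before authentication cannot be reused afterwards (session fixation).
		session_regenerate_id(true);

		// Account id 1 is the root account; comparison kept exactly as before.
		if ($row1->id_user=='1') {
			$_SESSION['isroot'] = true;
		} else {
			unset($_SESSION['isroot']);
		}
		$_SESSION['sesi_login'] = true;
		$_SESSION['author'] = strtolower($username);
		$_SESSION['id_char'] = $row1->id_user;
		$_SESSION['admin_type'] = $row1->type_user;
	} elseif ((isset($_GET['showview'])) && ($_GET['showview']=="logout")) {
		// Drop every authentication marker, including the root flag, before
		// destroying the stored session data.
		unset($_SESSION['isroot']);
		unset($_SESSION['sesi_login']);
		unset($_SESSION['author']);
		unset($_SESSION['id_char']);
		unset($_SESSION['admin_type']);
		session_destroy();
	} else {
		// $DEV_ADMIN_FAILED is expected to come from the language files
		// loaded during bootstrap.
		$_SESSION['sesi_ver'] = $DEV_ADMIN_FAILED;
	}

	// The request's filename value is only a flag: any non-empty value sends
	// the browser to the admin view. The raw value must never be copied into
	// the Location header.
	if ($filename !== '') {
		$filename = '?show=admin';
	}

	header("Location:../../".$filename);
	// Stop here so nothing can run or be emitted after the redirect.
	exit;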
?>